1

This topic is about Docker networking, which I can't get to allow dockerised Jenkins to use a dockerised SMTP server.

Here's how I run my containers and connect them to a user-defined network, so that containers' name might be use as a target host:

# Run Jenkins image, with port binding, Docker sock sharing, and configuration sharing
docker run -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock -v /root/jenkins_conf/:/var/jenkins_home/ --name jenkins jenkins/jenkins:lts

# Run SMTP image
docker run -d --name smtp namshi/smtp

# Create user-defined network
docker network create jenkins-net

# Connect both containers
docker network connect jenkins-net jenkins
docker network connect jenkins-net smtp

Within my jenkins container, I can reach the smtp service via the default 'bridge' network:

$ (echo >/dev/tcp/172.17.0.5/25) &>/dev/null && echo "open" || echo "close"
open

and I can also reach it via my user-defined network, both via IP and hostname:

$ (echo >/dev/tcp/172.18.0.3/25) &>/dev/null && echo "open" || echo "close"
open
$ (echo >/dev/tcp/smtp/25) &>/dev/null && echo "open" || echo "close"
open

So far, so good.

But then, in Jenkins > Manage Jenkins > Configure System > E-mail notification, trying to use the test email sending tool gives me following results:

SMTP server: 172.17.0.5 (SMTP container IP on the default 'bridge' network)
SMTP port: 25

=> the email is sent and duly received !

SMTP server: 172.18.0.3 (SMTP container IP on my user-defined 'jenkins-net' network)
SMTP port: 25

=> Failed to send out e-mail com.sun.mail.smtp.SMTPAddressFailedException: 550 relay not permitted

SMTP server: smtp (SMTP container name on my user-defined 'jenkins-net' network)
SMTP port: 25

=> same error

Why the difference of behaviour from the SMTP server between the use of the 2 networks?

What am I missing about Docker networking?

Edit: So the quick solution was to run the smtp container with the --network option, instead of running it and then connecting it to the network. See Stefano's answer below for more details and adequacy.

Bob
  • 1,495
  • 1
  • 19
  • 24

1 Answers1

1

The problem you described is unrelated to the docker networking. The namshi/smtp image uses exim4 as SMTP. In this specific exim4 setup, you're required to provide the neworks from where it's allowed to connect and send email.

Checking the entrypoint.sh file, I found the following command:

dc_relay_nets "$(ip addr show dev eth0 | awk '$1 == "inet" { print $2 }' | xargs | sed 's/ /:/g')${RELAY_NETWORKS}"

This means that by default, it'll accept the emails coming from the IP address associated with the interface eth0 and other possible RELAY_NETWORKS (if defined).

Since the container is not attached by default to the jenkins-net network at the creation, it won't recognize as valid the emails coming from that address.

Try to start the containers like this:

docker network create jenkins-net
SUBNET=$( docker network inspect \
    -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' \
    jenkins-net )

docker run -d \
    --network jenkins-net \
    -e RELAY_NETWORKS=":${SUBNET}" \
    --name smtp \
    namshi/smtp

docker run -d \
    -p 8080:8080 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /root/jenkins_conf/:/var/jenkins_home/ \
    --network jenkins-net \
    --name jenkins \
    jenkins/jenkins:lts
Stefano
  • 4,730
  • 1
  • 20
  • 28
  • Interesting ! It actually appears that connecting the smtp container to jenking-net /after/ running the container is the cause of the problem, while running it with the --network jenkins-net parameter brings the expected results. In my current tests, I find that adding the -e RELAY_NETWORKS is unnecessary. Would you agree with that? – Bob Oct 31 '19 at 15:08
  • 1
    I agree for this specific case. I added the `RELAY_NETWORKS` for safety: if it happen that you've got more than 1 network, defining the networks when you create the container won't be enough. – Stefano Oct 31 '19 at 15:46